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DESCRIPTION 

NETWORK AUTHENTIFICATION SYSTEM AND METHOD THEREOF 



Technical Field 

The present invention relates to a security technique in 
a network for a commercial purpose such as Internet, etc. . 



Background Arts 

As the Internet has increasingly been utilized for 
commercial purposes, it is required that a security technique 
of the network be promptly established. 

That is, the Internet deals with data communications 
using an open protocol based on TCP/IP (Transmission Control 
Protocol/Internet Protocol), wherein a confidentiality of the 
data communications is not fundamentally schemed. 

\ 

Such being the case, there were proposed a multiplicity 
of techniques for ensuring a data security between a user 
terminal and a server by use of a variety of encryption 
techniques such as a public key, etc.. 

In the cipher communications described above, it has been 
a general practice that a specific piece of encrypted data is 
transmitted to the server from the user terminal, and the server 
decrypts the encrypted data and authenticates a validity f the 
user concerned. 

The authentication server itself is, however, disposed 
in a open environment on the Internet, and, even if a firewall 
is established, the situation is that whoever knows an address 



of the server itself. 

Namely, there can not be denied such a possibility that 
the authentication server, of which the address is known, 
therefore always becomes a target of hackers and crackers. 

Further, an evil third party intercepts the encryption 
communication and resumes the data communications with the 
server, thus, so to speak, pretending to be a true user. There 
might also be a possibility in which a credit card etc. is 
illegally used on the network. 

It is a technical object of the present invention, which 
was devised in view of the above point, to provide a system for 
ensuring a high security on networks by enhancing a 
confidentiality of an authentication server itself, using in 
a disposable form a program for a user to inputting data for 
authentication, and distributing this program to a user 
terminal . 

Disclosure of the Invention 

According to a first means of the present invention, a 
network authentication system comprises an intermediary server 
for, with respect to a user terminal inputting data, relaying 
this item of data, and an authentication server for giving 
authentication to this item of data, wherein the authentication 
server outputs encryption information to the intermediary 
server with an input of a first item of data on the user terminal 
serving as a trigger, and the intermediary server generates an 
encryption program for encrypting a second item of data inputted 
from the user terminal on the basis of the encryption 



information received from the authentication server, and 
distributes this encryption program to the user terminal. 

The present invention has a characteristic point of thus 
actualizing the [intermediary authentication system] . 

That is, a confidentiality of the authentication server 
can be enhanced by processing via the intermediary server. 
Namely, an address itself of the authentication server can be 
kept confidential . 

Further, the intermediary server is provided with 
encryption information possessed by the authentication server, 
and the intermediary server generates an encryption program on 
the basis of this item of intrinsic encryption information . The 
second data is, when inputted from the user terminal, encrypted 
by this encryption program. Herein, the encryption program may 
be generated by a JAVA applet. 

Note that the user terminal is not limited to a terminal 
device taking a "form of its being installed indoors such as a 
personal computer, etc. and may be a mobile computer, a PDA 
(Personal Data Assistant) etc. connected to a movable telephone 
and incorporating a terminal function. Further, a movable 
telephone (such as an [i-mode terminal] made by NTT DOCOMO Co., 
Ltd.) itself, which has an Internet terminal function, may be 
used. 

According to a second means of the present invention, in 
the first means, the encryption information is an encryption 
function, and the authentication server evaluates a validity 
of a session given from the user terminal by comparing the second 



data encrypted by the encryption program with what the second 
data possessed by the authentication server itself is encrypted 
by the encryption function. 

The encryption function is not necessarily single, and 
the confidentiality by the encryption is made by far higher by 
preparing a plurality of functions. 

According to a third means of the present invention, in 
the first or the second means, the encryption information 
changes per session to the intermediary server from the user 
terminal . 

For example, pieces of date/hour information of a 
mechanical timer of the authentication server are used as 
parameters, whereby the encryption information different per 
session can be generated. With this contrivance, even if a 
third part intercepting the data given from the user terminal 
illegally accesses the intermediary server, the encryption 
information has already changed, and hence the fraudulent third 
party is unable to receive a valid authentication from the 
authentication server, with the result that the confidentiality 
can be kept. 

According to a fourth means of the present invention, in 
the first means, the first data is a user's ID, and the second 
data is a password. The present invention can be applied to 
a transfer of password information required to have a high 
confidentiality in confirmation of the number of acquired 
points of, e.g., a credit card. 

According to a fifth means of the present invention, in 
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the second means, the encryption information is an encryption 
key for specifying an encryption function among a plurality of 
encryption functions possessed by the intermediary server 
instead of the authentication server. 
5 In this case, the same function table is provided in both 

of the authentication server and the intermediary server, and 
it is feasible to specify the encryption function to be adopted 
from the table with the encryption key. 

According to a sixth means of the present invention, a 

10 network authentication method comprises a step of making an 
intermediary server relay a first item of data received from 
a user terminal to an authentication server, a step of 
generating encryption information on the basis of the first data 
and transmitting the same encryption information to the 

15 intermediary server, a step of reading a second item of data 
possessed by the authentication server, corresponding to the 
first data, and encrypting the second data with the encryption 
information, a step of making the intermediary server generate 
an encryption program for encrypting the second data inputted 

20 in the user terminal on the basis of the encryption information 
and distribute the encryption program to the user terminal, a 
step of encrypting the second data inputted by the encryption 
program in the user terminal, and a step of comparing the second 
data encrypted in the user terminal with the second data 

25 encrypted in the authentication server. 

In this means also, the confidentiality of the 
authentication server can be enhanced by processing via the 
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intermediary server. That is, the address itself of the 
authentication server can be kept confidential. Further, the 
intermediary server is provided with the encryption information 
possessed by the authentication server, and the intermediary 
5 server generates the encryption program on the basis of this 
item of intrinsic encryption information. The second data is, 
when inputted from the user terminal, encrypted by this 
encryption program. Herein, the encryption program may be 
generated by the JAVA applet. 
,-SlO According to a seventh means of the present invention, 

: Q in the sixth means, the encryption information changes per 
:],| session to the intermediary server from the user terminal. 
5^ For instance, pieces of date/hour information of the 

1* mechanical timer of the authentication server are used as 
: Jr; 15 parameters, whereby the encryption information different per 
2f session can be generated. With this contrivance, even if the 

^ third part intercepting the data given from the user terminal 
illegally accesses the intermediary server, the encryption 
information has already changed, and hence the fraudulent third 
20 party is unable to receive a valid authentication from the 
authentication server, with the result that the confidentiality 
can be kept . 

According to an eighth means of the present invention, 
there is provided a storage medium stored with a program 
25 comprising the steps described in the sixth means. 

Herein, the storage medium embraces all kinds of mediums 
having optical, magnetic and magneto-optic recording means, and 



may include an optical disk, a magneto-optic disk, a magnetic 
tape, or cartridge, a cassette and a card which accommodate 
these mediums. 

According to a ninth means of the present invention, the 
authentication server generates intrinsic information to a 
processing request with an input of the processing request on 
the user terminal serving as a trigger, and the intermediary 
server provides the user terminal with an input interface 
generated based on the intrinsic information. 

The processing request implies an act of being 
transmitted by a user pushing a button displayed on, e.g., an 
Internet browser etc. through a mouse. The intrinsic 
information generated by the authentication server implies , 
e.g., an accept number and an encryption method which correspond 
to the processing request concerned. 

According to a tenth means of the present invention, in 
the ninth means," an execution program functioning on the user 
terminal is prepared as the input interface, the execution 
program accepts an input of two or more pieces of user 
information, and the two or more pieces of user information 
inputted are encrypted and transmitted to the intermediary 
server. 

The execution program is, e.g., the JAVA applet, and the 
user information implies a card number and a password which are 
inputted on this applet. These pieces of user information are 
encrypted on the applet and transmitted via the intermediary 
server to the authentication server. 
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Brief Description of the Drawings 

FIG, 1 is a schematic view showing a system architecture 
in an embodiment of the present invention; 
5 FIG. j is an explanatory view showing contents of an 

accept database; 

FIG. x 3 is an explanatory view showing contents of an 
authorized database; 

FIG, 4 is a block diagram showing functions of an 
10 intermediary server and of an authentication server in an accept 
process in the embodiment thereof; 

FIG. 5 is a block diagram showing functions of the 



intermediary server and of the authentication server in an 

authentication process in the embodiment thereof; 
15 FIG. ^ 6 is a block diagram showing procedures of generating 

an HTML file and an encryption applet provided to a user terminal 

in the embodiment thereof; 

FIG. 7 i s an explanatory view showing source codes of the 

HTML file provided to the user terminal in the embodiment 
20 thereof; 

FIG. ^8 is a block diagram showing a modified example of 
a method of generating the encryption applet in the intermediary 
server in the embodiment thereof; 

FIG. 9 is an explanatory view (1) showing an encryption 
25 table in the embodiment thereof; 

FIG. 10 is an explanatory view (2) showing the encryption 
table in the embodiment thereof; 
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FIG. 11 is an explanatory view (3) showing the encryption 
table in the embodiment thereof; 

FIG. l£^- s an explanatory view showing a ten plate of the 
applet in the embodiment thereof; 
5 FIG. 13 is a sequence diagram showing a way of 

transferring and receiving data between the user terminal, the 
intermediary server, the authentication server in the 
embodiment thereof ; 

FIG. 14 is a display screen (1) of the user terminal in 
10 the embodiment thereof; 

FIG. 1 5 i s a display screen (2) of the user terminal in 
the embodiment thereof; 

FIG. 16 is a display screen (3) of the user terminal in 
the embodiment thereof; 
15 FIG, JL7^is a display screen (4) of the user terminal in 

the embodiment thereof; 

FIG. 18 is a sequence diagram (1) showing a way of 
transferring and receiving data between the user terminal, the 
intermediary server, the authentication server in a modified 
20 example in the embodiment thereof; and 

FIG. 19 is a sequence diagram (2) showing the way of 
transferring and receiving data between the user terminal, the 
intermediary server, the authentication server in the modified 
example in the embodiment thereof. 

25 

Best Mode for Carrying out the Invention 

The present invention will hereinafter be described with 



reference to the drawings. 

FIG. 1 is a schematic view showing a system architecture 
in this embodiment. 

In the present embodiment, a user terminal 1 is connected 
via an Internet 2 to an intermediary server 3. The intermediary 
server 3 is connected via a firewall server 4 to an 
authentication server 5 by a LAN or a WAN. 

The user terminal 1 is not limited to a terminal device 
taking a form of its being installed indoors such as a personal 
computer, etc. and may be a mobile computer, a PDA (Personal 
Data Assistant) . etc. connected to a movable telephone and 
incorporating a terminal function. Further, a movable 
telephone (such as an [i-mode terminal] made by NTT DOCOMO Co. , 
Ltd. ) itself, which has an Internet terminal function, may be 
used. 

The authentication server 5 includes an accept database 
6 and an authorizing database 7. FIGS. 2 and 3 show file formats 
of these databases 6, 7. To be specific, the accept database 
6 is registered with an accept number given by the 
authentication server 5, a card number inputted by the user 
terminal 1, and an encryption key (which will be mentioned later 
on) for specifying an encryption algorithm. While the 
authorizing database 7 is registered with a card number 
registered beforehand for authentication, and with a password 
registered likewise beforehand. 

Note that the authentication server 5 includes, other 
than the accept database 6 and the authorizing database 7, 
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though not illustrated in FIG. 1, a user information database 
26 and a result-of-authentication database 27 (both of which 
are given in FIG. 5) . 

The system shown in FIG. 1 is utilized in such a way that 
5 the user inputs, for instance, a credit card number and a 
password through the user terminal 1, and refers to points 
accumulated in the credit card. A high security on 
communications paths is required of the credit card number and 
the password inputted from the user terminal 1, and besides the 
;S 10 authentication server 5 for authenticating the card number and 
■J the password is required to keep the securities of the accept 

database 6 and of the authorizing database 7. 
%l In accordance with this embodiment, in those points, a 

JL ; „ data intercepts about the credit card number and the password 

i2 15 inputted from the user terminal 1 on the communications paths, 
J; ar ^ prevented by use of a temporary disposable program, e.g., 

a JAVA applet, and, with the intermediary server 3 being 
provided, the user terminal 1 communicates directly with this 
intermediary server 3, thereby making confidential an address 
20 of the authentication server 5 itself and the system 
architecture . 

Next, respective functions of the user terminal 1, the 
intermediary server 3 and the authentication server 5 will be 
explained with reference to FIG. 4. 
25 FIG. 4 is a block diagram showing how those functions 

imparted to the user terminal 1, the intermediary server 3 and 
the authentication server 5 work through processes in which the 



user terminal 1 accesses a server program 12 of the intermediary 
server 3 (see FIG. 14) , then picks up a card number input screen 
(see FIG, 15) and transmits the card number to the intermediary 
server 3, and a password input screen shown in FIG. 16 is 
displayed on the user terminal 1. 

To start with, the user accesses the Internet 2 from the 
user terminal 1 by a method such as dial pickup IP, etc., and 
starts up a browser (11 (WWW lookup program) within the user 
terminal 1. Then, a screen shown in FIG. 14 is displayed by 
specifying an address of a server program 12 of the intermediary 
server 3 as a URL (Uniform Resource Locator) . 

Subsequently, the user designates the point reference on 
the screen shown in FIG. 14, which involves use of an input 
assisting device such as a mouse and so on, whereby a card number 
input screen shown in FIG. 15 is displayed in accordance with 
link information set in the [Point Reference] . 

Herein, when the user inputs his or her own card number 
(e.g., [1234]), this inputted card number (ID) is transmitted 
to the intermediary server 3 (step (1) in FIG. 4: the numerals 
with braces in this embodiment correspond to the numerals with 
circles in FIG. 4) . 

When the server program 12 of the intermediary server 3 
receives the card ID, the accept Servlet 13 (which is a 
disposable server-side program) is actuated (step (2)), and 
the card ID is set in a state of queuing 14 through the accept 
Servlet 13 (steps (3) and (4)). 

The authentication server 5 periodically checks a queue 
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given from the intermediary server 3 with the aid of a queue 
fetch function 15 (step (5)), and, upon recognizing this queue 
14, fetches this queue (step (6)). 

Then, the authentication server 5 starts up an authorized 
5 user/agent program (which will hereinafter be termed 

[authorized UA] ) 16, and transmits the card number ID to this 
authorized UA 16 (steps (7) and (8) ) . The authorized UA 16 is 
categorized as a temporary agent program and, if the 
communications are disconnected for some reason by the user 

10 terminal 1, might be deleted from on the authentication server 
5 after a fixed time has elapsed. 

The authorized UA 16 further reads an encryption key and 
an encryption function from an encryption function management 
module 17 of the authentication server 5 (step (9}), then 

15 generates an accept number, and stores the accept database 6 
with accept information (step (10) ) . Note that the encryption 
key implies key information for encryption and involve use of 
an encryption function alternatively taken per accessing from 
a plurality of encryption functions. 

20 The following is a reason why the encryption key described 

above is prepared. 

Namely, the card ID is fixed, and hence it can be 
considered that the accessing might be tried a plurality of 
times with the same card ID. Therefore, a fraudulent access 

25 can be prevented by preparing the plurality of encryption 
functions capable of actualizing the encryption key different 
per accessing with respect to the card ID. 



- 14 - 



Incidentally, the encryption key and the encryption 
functions will be explained later on referring to FIGS. 9, 10 
and 11. Further, the accept number is a sequential number and 
reset at 12:00 am every day. Specifically, a third access on 
5 the very day is given a number [0003] . 

The authorized UA 16 creates the accept number given in 
sequence of acceptances as described above (step (10)), and 
stores the accept database 6 with this accept number together 
with the card ID and the encryption key (see FIG. 2) . 
J 10 Next, the authorized UA 16 indicates the intermediary 

y server 3 to start up an intermediary user/agent (which will 

hereinafter be called an [intermediary UA] 20 (steps (11) and 

U When the intermediary UA 20 is started up within the 

•jij 15 intermediary server 3, the authorized UA 16 of the 

authentication server 5 transmits accept information 
M-< consisting of the accept number, the card ID and the encryption 

function (step (13) ) . 

The intermediary UA 20 having received this piece of 
20 accept information transmits the accept number and the 

encryption function to the accept Servlet 13 described above 
(step (14)). 

The accept Servlet 13, based on this, generates an 
encryption applet 21 into which the accept number and the 
25 encryption function are embedded (step (15) ) . This encryption 
applet 21 is transmitted to the browser 11 of the user terminal 
1 via the server program (steps (16) and (17)). 
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The encryption applet 21 is defined as a so-called JAVA 
applet and transmitted to the browser 11 of the user terminal 

I together with a HTML (Hyper Text Markup Language) file serving 
as an interface. FIG. 16 shows a screen of the browser 11 at 

5 that time. The HTML file for displaying this is structured of 
a text description as shown in FIG. 7. In this description, 
OTP19980812114910. class designated as APPLET CODE is a file 
name of the encryption applet 21. The encryption applet 21 is 
a so-called one-time program as well as being a temporary 
J! 10 program used for only a session for authenticating the card ID 
kl concerned. The encryption applet 21, as described above, 

::*^ consists of the encryption function and the accept number given 

.jij b y the authentication server 5, and therefore a possibility of 

!L the identical encryption applet 21 being generated might 

jjj 15 decrease by the order of an astronomical numerical value. 
Hf Next, the functions of the intermediary server 3 and of 

M> the authentication server 5 till an authentication screen as 

shown in FIG. 17 is displayed since the password inputted on the 
applet screen shown in FIG. 16 has been authenticated by the 
20 authentication server 5 via the intermediary server 3 on the 
browser 11 of the user terminal 1, will be explained referring 
to FIG. 5. 

To begin with, the password inputted through the browser 

II on the user terminal 1 is encrypted by the encryption applet 
25 21 generated for one single session as discussed above, and 

transmitted to the intermediary server 3 (step (2)) . Even if 
the communications concerned might be intercepted by tracing 
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the circuit between the user terminal 1 and the intermediary 
server 3 by encrypting the password inputted by use of the 
encryption applet 21 limited to one single session which has 
been provided from the intermediary server 3, the password is 
5 unable to be used for a next session by the same card ID. 

In the intermediary server 3 having received the 
encrypted password, an authentication Servlet 25 is started up 
by the server program 12, and the encrypted password is 
transferred to this Servlet 25 (steps (3) and (4)). 

10 Herein, the authentication Servlet 25 carries on the 

accept number possessed by the accept Servlet 13 explained in 
FIG. 4, and transmits this accept number together with the 
encrypted password to the intermediary UA 20 (step (5)). 

The authorizing UA 16 of the authentication server 5 

15 issues a request for authentication to the intermediary server 
3 at a fixed interval (step (1)), and, if there occurs a state 
where the intermediary UA 20 of the intermediary server 3 
receives the accept number and the encrypted password, these 
pieces of information are transmitted to the authorizing UA 16 

20 with this authentication request serving as a trigger (step 
(6) ) . 

The authorizing UA 16 accesses the accept database 6 with 
the accept number serving as a key, and reads a card ID and an 
encryption key which correspond to this accept number (step (7)) . 
25 Then, with a set of the card ID, the encryption key which have 
been thus obtained and the encrypted password, an 
authentication module 28 is requested to perform the 
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authentication (step (8) ) . 

The authentication module 28 having accepted the 
authentication request reads the encryption function from the 
encryption function management module 17 (step (9)), and 
5 further reads the password from the authorized database 7 with 
the card ID serving as the key {step (10)). Then, the 
authentication module 28 encrypts the password read from the 
authorized database 7 by use of the encryption function (step 
(11)). The authentication module 28 compares this encrypted 

Ji 10 password with the above encrypted password received by the 

fi authorizing UA 16 (step (12)). 

7JJ The authentication module 28, if those two encrypted 

;^ passwords are identical with each other, answers that the 

authentication is OK, and reads user information from user 
;B3 15 information database 26 (step (13)). These pieces of user 
Uy information may include the number of acquired points with 

:U respect to the credit card of the relevant user, and so on. Then, 

the authentication module 28 registers in an authenticated 
result database 27 the accept number, the encryption password 
20 and the user information as a result of the authentication (step 
(14)). With this registration, the authentication module 28 
transmits the result of authentication, i.e., a result flag 
indicating that the authentication is OK and the user 
information such as the number of acquired points to the 
25 authorizing UA 16 (step (15)). 

The authorizing UA 16, if the result of authentication 
is OK, writes the encrypted password to the accept database 6 



(step (16)), , and transmits the result of authentication 
together with the user information to the intermediary UA 20 
of the intermediary server 3 (step (17)). 

The result of authentication is transmitted to the user 
terminal 1 via a route such as the intermediary UA 20 of the 
intermediary server 3 -> the authentication Servlet 25 -» the 
server program 12, and is displayed on the browser screen of 
the user terminal 1 (steps (18) - (20)). 

FIG. 17 shows the screen on the display of the user 
terminal 1 at that time. 

Next, a procedure of generating the encryption applet 21 
and the HTML file provided to browser 11 explained in FIG. 4, 
will be described with reference to FIG. 6. 

At the first onset, as discussed above, when the card ID 
is inputted from on the browser 11 (step (1)), the server program 
is started up, thereby prompting the actuation of the accept 
Servlet 13 (step (2) ) . 

The accept Servlet 13, at first, selectively reads a ten 
plate 61 of the applet as shown in FIG. 12 (step (3)), and 
performs rewriting of a seed program (Seed) and outputting of 
an execution file (class) (step (4)), thereby generating the 
encryption applet 21. Then, this encryption applet 21 is 
supplied together with HTML data 62 created by the accept 
Servlet 13 to the browser 11 of the user terminal 1 through the 
server program 12 (steps (5) and (6)). 

FIG. 7 shows specific source codes of the HTML data 62. 

Next, the encryption in this embodiment will be 



explained* 

To start with, the encryption key is set for making the 
encryption applet 21 disposable with a limit to the very session . 
Namely, it follows that there is generated an encryption formula 
different per session by operating the encryption key. For 
this purpose, the encryption function management module 17 is 
provided with encryption tables A and B in which the encryption 
functions shown in FIGS. 9 and 10 are registered. 

That is, in accordance with this embodiment, the 
encryption function adopted by the encryption key is specified, 
and this encryption key is retained within the accept database 
6 of the authentication server 5 for authenticating afterward 
(see FIG. 5) . 

Referring to FIGS. 9 and 10, a parameter "a" indicates 
a date and obtained from a timer function incorporated into each 
server. In the table structure given above, when [A3] is 
designated as an* encryption key, a third equation, i.e., [Y = 
aX + 3] in the table A shown in FIG. 9 is adopted. In the case 
of using this equation, supposing that the date concerned is, 
for example, 10th (a = 10) , a numerical value Y obtained by 
multiplying an inputted numerical value X by 10 and adding 3 
to the multiplied result, becomes an encryption value. 

Note that the encryption key may involve use of a value 
of a mechanical timer of the server as a parameter so as to 
generate the numerical value different per session. For 
instance, if the functions shown in FIG. 11 are registered in 
the encryption table, A indicates second (4 digits) of the 



mechanical timer of the server, B represents year, month and 
date {6 digits) of the mechanical timer of the server, and C 
denotes hour and minute (4 digits) of the mechanical timer of 
the server. 

Next, the process of transferring and receiving the 
information between the user terminal 1, the intermediary 
server 3 and the authentication server 5 will be explained by 
use of the following specific numerical values with reference 
to FIG. 13 for facilitating comprehension of the encryption and 
the authentication in this embodiment. 

Card number (ID) : 1234 

Accept number: 4 912 

Password: 9104 

Encryption function: Y = 3X - 99 

To begin with, when [1234] is inputted as the card number 
(ID) from the user terminal 1 (step 1301), the intermediary 
server 3 receives this card number (ID) for a relay (1302) and 
notifies the authentication server 5 of the same number. 

The authentication server 5 obtains this card number (ID) 
[1234] and gives an accept number [4912] thereto. Then, an 
encryption method is set (1303) . To be specific, an encryption 
function [Y = 3X - 99] and an encryption key for specifying this 
function are read from the encryption function management 
module 17 (see FIG. 4). 

The intermediary server 3 obtains the accept number 
[4912] and the encryption function [Y = 3X - 99] from the 
authentication server 5 (1304), and generates the encryption 
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applet 21 into which the accept number and the encryption 
function are embedded (1305) . 

Next, when a password [9104] is inputted to on the user 
terminal 1 (1306), this is calculated based on the encryption 
5 function [Y - 3X - 99], and the authentication server 5 is 
notified of a result of the calculation as an encrypted password 
[27213] via the intermediary server 3 (1307, 1308). 

On the other hand, the authentication server 5 reads, in 
parallel with the above processing, the encryption function [Y 
10 = 3X - 99] from the encryption function management module 17 
(1309), and reads a password [9104] from the authorized database 

7, in which the card number (ID) obtained in step 1303 serves 
as a key (1310) . Then, the read password is encrypted by the 
encryption function [Y = 3X - 99] (1311) . Then, the numerical 

15 value encrypted herein is compared with the encrypted password 

[27213] of which the user terminal 1 has notified (1312) . 

As a result, if what the password stored in the authorized 

database 7 is encrypted is identical with the encrypted password 

given from the user terminal 1, the authentication is 
20 established, and the user information retained in the 

authentication server 5 is supplied via the intermediary server 

3 (1313) to the user terminal 1 (1314) . 

Note that the discussion made above has dealt with the 

case where the authentication server 5 notifies the 
25 intermediary server 3 of the encryption function, and the 

encryption applet 21 is generated, however, as shown in FIG. 

8, the intermediary server 3 receives only an encryption key 



801 from the authentication server 5, and the encryption applet 
21 may also be generated by a combination with a function table 

802 possessed by the intermediary server 3 itself. 

In this case, the function table 802 held by the 
intermediary server 3 must be identical with the function table 
of the encryption function management module 17 possessed by 
the authentication server 5. 

FIG. 18 is a sequence diagram showing how the data are 
transferred and received between the user terminal the 
intermediary server and the authentication server in a modified 
example of the embodiment of the present invention. 

In the sequence diagram in FIG. 13, the authentication 
server issues the accept number after the card number has been 
inputted from the user terminal 1, and, based on this issuance, 
the intermediary server 3 generates and distributes the applet. 
The user terminal 1 is contrived to input the password on this 
applet . 

By contrast, in the sequence in FIG. 18, when a processing 
request is made by the user terminal 1, the intermediary server 
generates and distributes the applet on the basis of the 
encryption method and the accept number given from the 
authentication server 5, and the user terminal 1 is contrived 
to input the card number and the password on this applet. 

This process will be described more specifically. 

To begin with, when the user clicks a processing request 
button displayed via the Internet browser, etc. on the user 
terminal 1 (step 1801), the intermediary server 3 notifies the 
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authentication server 5 of a purport that this processing 
request has been given (1802) . The authentication server 5, 
based on this, sets the accept number and the encryption method 
(involving use of, e.g., the encryption function [Y = 3X - 99] ) 
5 (1803) . The process in this step 1803 is the same as step 1303 
in FIG. 13, Herein, supposing that 4912 as an accept number 
is given to the authentication server 5, the intermediary server 
3 is notified of this accept number and the encryption method 
(1805) . 

10 The intermediary server 3, based on this, generates the 

applet and distributes this applet to the user terminal 1 
(1805) . 

The applet distributed from the intermediary server 3 is 
executed on the user terminal 1, and an input of the card number 

15 and the password from the user is accepted (1806) . Herein, the 
password inputted is converted into an encrypted password 
(which is herein Y = 3X - 99 = 3 X 9104 - 99 = 27213) on the 
applet on the basis of the encryption method described above, 
and this encrypted password is transmitted to the intermediary 

20 server 3 (1807) . 

On the other hand, the authentication server 5 reads, in 
parallel with the above processing, the encryption function [Y 
= 3X - 99] from the encryption function management module 17 
(1809), and reads target data from the authorized database 7 

25 (1810) . The target data contain the card number and the 

password [9104] . Then, the read password is encrypted by the 
encryption function [Y = 3X - 99] (1811). subsequently, the 
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numerical value encrypted herein is compared with the encrypted 
password [27213] of which the user terminal 1 has notified 
(1812) . 

As a result, if what the password stored in the authorized 
5 database 7 is encrypted is identical with the encrypted password 
given from the user terminal 1, the authentication is 
established, and the user information retained in the 
authentication server 5 is supplied via the intermediary server 
3 (1813) to the user terminal 1 (1814). 
10 Thus, in the modified example shown in FIG. 18, the card 

number and the password are inputted on the same applet to the 
user, and hence the user never feels a stress caused by waiting 
for an input screen of the password since the card number has 
been inputted. 

15 Further, FIG. 18 exemplifies the example of inputting two 

pieces of user information such as the card number and the 
password on the applet in step 1806, however, the user 
information is not limited to these two items, and a plurality 
of items may also be inputted. FIG, 19 is a sequence diagram 

20 showing this example. As shown in FIG. 19, plural items of data 
are registered in the authorized database 7 and collated with 
the user information inputted. 

Incidentally, the details thereof are the same as what 
has been explained in FIGS. 13 and 18, and the explanation is 

25 therefore omitted. 

As discussed above, according to the present invention, 
an existence of the authentication server itself can be made 
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confidential by the route via the intermediary server with 
respect to the authenticating operation from the user terminal. 

Moreover, the intermediary server provides the 
encryption program disposable with the limit to the very session, 
5 and the input data can be encrypted by this encryption program 
on the user terminal. Hence, the data communications 
exhibiting a high security against a leak on the communications 
path, can be attained. 

In addition, the encryption program is categorized as the 
10 encryption program disposable with the limit to the very session, 
and therefore, even if a third party launches into a session 
based on the leaked data, the encryption program never be 
coincident, whereby the fraudulent access can be prevented. 



15 Industrial Applicability 

The present invention can be applied to the 
authentication system in a case where the user purchases 
commercial goods via the Internet from a terminal computer and 
a portable terminal, and so on. 
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WHAT IS CLAIMED IS: 

1. A network authentication system comprising: 

an intermediary server for, with respect to a user 
terminal inputting data, relaying this item of data; and 
5 an authentication server for giving authentication to 

this item of data, 

wherein said authentication server outputs encryption 
information to said intermediary server with an input of a first 
item of data on said user terminal serving as a trigger, and 
10 said intermediary server generates an encryption program 

for encrypting a second item of data inputted from said user 
terminal on the basis of the encryption information received 
from said authentication server, and distributes this 
encryption program to said user terminal. 

15 

2. A network authentication system according to claim 1, 
wherein the encryption information is an encryption function, 
and 

said authentication server evaluates a validity of a 
20 session given from said user terminal by comparing the second 
data encrypted by the encryption program with what the second 
data possessed by said authentication server itself is 
encrypted by the encryption function, 

'25 3. A network authentication system according to claim 1 

or 2, wherein the encryption information changes per session 
to said intermediary server from said user terminal. 
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4. A network authentication system according to claim 1, 
wherein the first data is a user' s ID, and 

the second data is a password. 

5 

5. A network authentication system according to claim 2, 
wherein the encryption information is an encryption key for 
specifying an encryption function among a plurality of 
encryption functions possessed by said intermediary server 

10 instead of said authentication server. 



6. A network authentication method comprising: 
a step of making an intermediary server relay a first item 
of data received from a user terminal to an authentication 
15 server; 

a step of generating encryption information on the basis 
of the first data and transmitting the same encryption 
information to said intermediary server; 

a step of reading a second item of data possessed by said 
20 authentication server, corresponding to the first data, and 
encrypting the second data with the encryption information; 

a step of making said intermediary server generate an 
encryption program for encrypting the second data inputted in 
said user terminal on the basis of the encryption information 
25 and distribute the encryption program to said user terminal; 

a step of encrypting the second data inputted by the 
encryption program in said user terminal; and 
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a step of comparing the second data encrypted in said user 
terminal with the second data encrypted in said authentication 
server . 

5 7. A network authentication method according to claim 6, 

wherein the encryption information changes per session to said 
intermediary server from said user terminal. 

8. A storage medium stored with a program comprising: 
10 a step of making an intermediary server relay a first item 

of data received from a user terminal to an authentication 
server; 

a step of generating encryption information on the basis 
of the first data and transmitting the same encryption 
15 information to said intermediary server; 

a step of reading a second item of data possessed by said 
authentication server, corresponding to the first data, and 
encrypting the second data with the encryption information; 

a step of making said intermediary server generate an 
20 encryption program for encrypting the second data inputted in 
said user terminal on the basis of the encryption information 
and distribute the encryption program to said user terminal; 

a step of encrypting the second data inputted by the 
encryption program in said user terminal; and 
25 a step of comparing the second data encrypted in said user 

terminal with the second data encrypted in said authentication 
server. 



9. A network authentication system comprising: 

an intermediary server for, with respect to a user 
terminal inputting data, relaying this item of data; and 

an authentication server for giving authentication to 
this item of data, 

wherein said authentication server generates intrinsic 
information to a processing request with an input of the 
processing request on said user terminal serving as a trigger, 
and 

said intermediary server provides said user terminal with 
an input interface generated based on the intrinsic 
information. 

10. A network authentication system according to claim 
9, wherein said input interface is an execution program 
functioning on said user terminal, 

the execution program accepts an input of two or more 
pieces of user information, and 

the two or more pieces of user information inputted are 
encrypted and transmitted to said intermediary server. 
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Abstract 

When an ID is inputted from a personal computer and a 
mobile terminal, an authentication server is notified of this 
ID via an intermediary server. The authentication server , 

5 based on this ID, notifies the intermediary server of encryption 
information at that point of time. The intermediary server 
provides a user terminal with a disposable program for inputting 
data on the basis of the encryption information. A password 
inputted in the user terminal is encrypted by this program, and 

10 the authentication server is notified of the encrypted password 
and checks its validity. A confidentiality of the 
authentication server itself can be thus kept because of 
processing via the intermediary server. The disposable 
program is provided in a form such as a JAVA applet, whereby 

15 a fraudulent access by a third party intercepting a session 
concerned can be prevented. 
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FIG. 2 

<ACCEPT DB> 

ACCEPT NUMBER: ACCEPT NUMBER NUMBERED BY AUTHENTICATION SERVER 
CARD ID: CAR D NUMBER INPUTTED BY USER 

ENCRYPTION KEY: KEY FOR SPECIFYING ENCRYPTION ALGORITHM 



FIG. 3 

<AURTHORIZED DB>, 

CARD ID: P RE-REG ISTERED CARD NUMBER 
PASSWORD: P RE-REGISTERED PASSWORD 
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FIG. 7 



<HTML> 
<HEA0> 

<TITLE> PASSWORD INPUT SCREEN </TITLE> L /~o 

</HEAD> 1 
<B0DY> 



<APPLET C00E=" 0TP1 998081 21 1 49 1 Q . class" WIDTH=400 HEIGHT=300> 
</APPLET> 



</BO0Y> 
</HTML> 
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FIG. 9 
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FIG. 12 



INPUT USER ID 



Submit Reset 
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FIG. 13 
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FIG. 14 




EXAMPLE OF SIMPLE AUTHENTICATION SCREEN 
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EXAMPLE OF SIMPLE AUTHENTICATION SCREEN 
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FIG. 16 



EXAMPLE OF SIMPLE AUTHENTICATION SCREEN 
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FIG. 17 



EXAMPLE OF SIMPLE AUTHENTICATION SCREEN 



FILE (F) EDIT (*E) DISPLAY £V} MOVE (G) FAVORITE (A) HELP (H) 



RETURN GO 
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FIG. 19 
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